RFR: 8333354: ubsan: frame.inline.hpp:91:25: and src/hotspot/share/runtime/frame.inline.hpp:88:29: runtime error: member call on null pointer of type 'const struct SmallRegisterMap' [v3]
Matthias Baesken
mbaesken at openjdk.org
Wed Jul 24 14:41:32 UTC 2024
On Wed, 24 Jul 2024 13:59:44 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:
>> When running with ubsan-enabled binaries, some tests trigger the following report:
>>
>> src/hotspot/share/runtime/frame.inline.hpp:91:25: runtime error: member call on null pointer of type 'const struct SmallRegisterMap'
>> #0 0x7fc1df86071e in unsigned char* frame::oopmapreg_to_location<SmallRegisterMap>(VMRegImpl*, SmallRegisterMap const*) const src/hotspot/share/runtime/frame.inline.hpp:91
>> #1 0x7fc1df86071e in void OopMapDo<OopClosure, DerivedOopClosure, IncludeAllValues>::iterate_oops_do<SmallRegisterMap>(frame const*, SmallRegisterMap const*, ImmutableOopMap const*) src/hotspot/share/compiler/oopMap.inline.hpp:106
>> #2 0x7fc1df8611df in void OopMapDo<OopClosure, DerivedOopClosure, IncludeAllValues>::oops_do<SmallRegisterMap>(frame const*, SmallRegisterMap const*, ImmutableOopMap const*) src/hotspot/share/compiler/oopMap.inline.hpp:157
>> #3 0x7fc1df8611df in FrameOopIterator<SmallRegisterMap>::oops_do(OopClosure*) src/hotspot/share/oops/stackChunkOop.cpp:63
>> #4 0x7fc1dcfc8745 in BarrierSetStackChunk::encode_gc_mode(stackChunkOopDesc*, OopIterator*) src/hotspot/share/gc/shared/barrierSetStackChunk.cpp:85
>> #5 0x7fc1df854080 in bool TransformStackChunkClosure::do_frame<(ChunkFrames)0, SmallRegisterMap>(StackChunkFrameStream<(ChunkFrames)0> const&, SmallRegisterMap const*) src/hotspot/share/oops/stackChunkOop.cpp:319
>> #6 0x7fc1df854080 in void stackChunkOopDesc::iterate_stack<(ChunkFrames)0, TransformStackChunkClosure>(TransformStackChunkClosure*) src/hotspot/share/oops/stackChunkOop.inline.hpp:233
>> #7 0x7fc1df82f184 in void stackChunkOopDesc::iterate_stack<TransformStackChunkClosure>(TransformStackChunkClosure*) src/hotspot/share/oops/stackChunkOop.inline.hpp:199
>>
>> Seems in case of (at least) class SmallRegisterMap we miss handling nullptr.
>
> Matthias Baesken has updated the pull request incrementally with one additional commit since the last revision:
>
> ATTRIBUTE_NO_UBSAN must be after template typename ...

When using `ATTRIBUTE_NO_UBSAN` for `frame::oopmapreg_to_location`, we unfortunately run into another similar-looking issue (e.g. when running jtreg test java/net/vthread/HttpALot.java):

/jdk/src/hotspot/share/runtime/stackChunkFrameStream.inline.hpp:286:46: runtime error: member call on null pointer of type 'const struct SmallRegisterMap'
#0 0x7febd955502d in void* StackChunkFrameStream<(ChunkFrames)1>::reg_to_loc<SmallRegisterMap>(VMRegImpl*, SmallRegisterMap const*) const src/hotspot/share/runtime/stackChunkFrameStream.inline.hpp:286
#1 0x7febd955502d in void StackChunkFrameStream<(ChunkFrames)1>::iterate_oops<BarrierClosure<(stackChunkOopDesc::BarrierType)1, true>, SmallRegisterMap>(BarrierClosure<(stackChunkOopDesc::BarrierType)1, true>*, SmallRegisterMap const*) const src/hotspot/share/runtime/stackChunkFrameStream.inline.hpp:373
#2 0x7febd955502d in void stackChunkOopDesc::do_barriers0<(stackChunkOopDesc::BarrierType)1, (ChunkFrames)1, SmallRegisterMap>(StackChunkFrameStream<(ChunkFrames)1> const&, SmallRegisterMap const*) src/hotspot/share/oops/stackChunkOop.cpp:375
#3 0x7febd75a2121 in void stackChunkOopDesc::do_barriers<(stackChunkOopDesc::BarrierType)1, (ChunkFrames)1, SmallRegisterMap>(StackChunkFrameStream<(ChunkFrames)1> const&, SmallRegisterMap const*) src/hotspot/share/oops/stackChunkOop.inline.hpp:193
#4 0x7febd75a2121 in ThawBase::recurse_thaw_compiled_frame(frame const&, frame&, int, bool) src/hotspot/share/runtime/continuationFreezeThaw.cpp:2246
#5 0x7febd75a1f60 in bool ThawBase::recurse_thaw_java_frame<ContinuationHelper::CompiledFrame>(frame&, int) src/hotspot/share/runtime/continuationFreezeThaw.cpp:2092
#6 0x7febd75a1f60 in ThawBase::recurse_thaw_compiled_frame(frame const&, frame&, int, bool) src/hotspot/share/runtime/continuationFreezeThaw.cpp:2249
#7 0x7febd75a6aca in ThawBase::thaw_slow(stackChunkOopDesc*, bool) src/hotspot/share/runtime/continuationFreezeThaw.cpp:2040
#8 0x7febd75aa156 in Thaw<Config<(oop_kind)0, G1BarrierSet> >::thaw(Continuation::thaw_kind) src/hotspot/share/runtime/continuationFreezeThaw.cpp:1825
#9 0x7febd75aa156 in thaw_internal<Config<(oop_kind)0, G1BarrierSet> > src/hotspot/share/runtime/continuationFreezeThaw.cpp:2450
#10 0x7febd75aa156 in Config<(oop_kind)0, G1BarrierSet>::thaw(JavaThread*, Continuation::thaw_kind) src/hotspot/share/runtime/continuationFreezeThaw.cpp:276
#11 0x7febd75aa156 in thaw<Config<(oop_kind)0, G1BarrierSet> > src/hotspot/share/runtime/continuationFreezeThaw.cpp:253
#12 0x7febbb89c526 (<unknown module>)

This time it is the `map->location` call through a nullptr:

template <ChunkFrames frame_kind>
template <typename RegisterMapT>
inline void* StackChunkFrameStream<frame_kind>::reg_to_loc(VMReg reg, const RegisterMapT* map) const {
  assert(!is_done(), "");
  return reg->is_reg() ? (void*)map->location(reg, sp()) // see frame::update_map_with_saved_link(&map, link_addr);
                       : (void*)((address)unextended_sp() + (reg->reg2stack() * VMRegImpl::stack_slot_size));
}

But SmallRegisterMap::location is for some platforms even UnImplemented, so how does this work cross-platform?
https://github.com/openjdk/jdk/blob/332df83e7cb1f272c08f8e4955d6abaf3f091ace/src/hotspot/cpu/arm/smallRegisterMap_arm.inline.hpp#L56
-------------
PR Comment: https://git.openjdk.org/jdk/pull/20296#issuecomment-2248182106
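
The pattern both reports describe, reduced to a stand-alone C++ sketch: a member function reached through a typed null pointer, next to a form that passes the address of a single shared instance instead. This is an added example, not code from the pull request or from HotSpot; `SmallMap`, `Reg`, `loc_offset` and the slot sizes are assumptions made for illustration.

```cpp
// Added illustration: SmallMap, Reg and all values are hypothetical, not HotSpot code.
#include <cstddef>
#include <cstdint>
#include <cstdio>

struct Reg { bool in_register; int index; };

// Stateless map: location() reads no data member, so a call through a null
// pointer tends to "work" while still being undefined behaviour that
// -fsanitize=null reports as "member call on null pointer".
class SmallMap {
  SmallMap() {}  // private: the only object is the one behind instance()
public:
  static const SmallMap* instance() {
    static const SmallMap map;
    return &map;
  }
  const std::uint8_t* location(const Reg& r, const std::uint8_t* sp) const {
    return sp + r.index * 8;  // constructed layout: 8-byte register slots
  }
};

// Same shape as reg_to_loc: the map is dereferenced only for register operands.
template <typename MapT>
const std::uint8_t* reg_to_loc(const Reg& r, const MapT* map,
                               const std::uint8_t* sp,
                               const std::uint8_t* unextended_sp) {
  return r.in_register ? map->location(r, sp)
                       : unextended_sp + r.index * 4;  // 4-byte stack slots
}

// Flagged form (not executed here):
//   reg_to_loc(r, static_cast<const SmallMap*>(nullptr), sp, sp);
// The form below hands the template a real object, so nothing needs suppressing.
std::ptrdiff_t loc_offset(bool in_register, int index) {
  static std::uint8_t stack[128] = {};  // constructed stand-in for a frame
  const Reg r{in_register, index};
  return reg_to_loc(r, SmallMap::instance(), stack, stack) - stack;
}

int main() {
  std::printf("register operand: +%td\n", loc_offset(true, 3));
  std::printf("stack operand:    +%td\n", loc_offset(false, 5));
  return 0;
}
```

Compiling with `-fsanitize=null` and enabling the commented-out call produces the same class of report as the traces above.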